arxiv: v1 [cs.cr] 24 Nov 2014
|
|
- Donald Dennis Harrell
- 8 years ago
- Views:
Transcription
1 Warp2: A Method of and Messaging with Encrypted Addressing and Headers H. Bjorgvinsdottir a P. M. Bentley a,b a University of Uppsala, Uppsala, Sweden b European Spallation Source ESS AB, Box 176, Lund , Sweden November 25, 2014 arxiv: v1 [cs.cr] 24 Nov 2014 Abstract Secure communications are playing increasing roles in society, particularly in finance, journalism, and military projects. Current methods of securing and similar messaging methods rely on encryption of the message body, but the header with addressing information remains plaintext. This allows third party eavesdroppers to collect and analyse the header metadata and construct a network model of the participants in conversations (who, where, when, subject). In this article, we describe a method of communication where the header is also encrypted, hindering the assembly of the communication network models, which is verified with a working prototype application. This provides a useful tool to journalists and proponents of free speech in oppressed countries, protecting both the messages and their sources. Corresponding author: phil.m.bentley@gmail.com 1
2 1 Introduction Digital communications are widespread, and the norm for both business and personal interaction in the modern world. The most widely-used and messaging systems pass messages entirely or partially in plaintext, allowing eavesdroppers at some stage the opportunity to harvest the message content to their own ends. Common uses are the collection of contact details for spam lists, analysing message content for targeted advertisements, and occasionally financial fraud or government surveillance. More recently, the scope of government surveillance in some oppressed political regimes has become the subject of concern for those supporting democracy, free speech, and holding leaders accountable via journalism. Alice is sending Bob evidence of police corruption... To: Bob From: Alice Subject: Police corruption Dear Bob, Here are some scary photos. From Alice. Figure 1: Illustration of without encryption. An adversary can intercept the message and read it. One solution to this problem is to encrypt the communications using end-to-end public-key encryption, illustrated in figure 2. The sender encrypts the message on their device, and only a recipient with the corresponding private key is able to decrypt the message on their own device. The most famous example is the RSA method [1], which is freely implemented in GPG [2]. Using encrypted mail, the message content and any attachments are protected with strong algorithms to prevent third parties from reading the content of the message easily. However, this still leaves the metadata, which is the message header. This contains information about the sender, the recipient, the time of the correpsondence, the given subject of the message, and some of the routing that the message took. Third parties who intercept this metadata are able to reconstruct the spheres of communication in the social network of an individual: who they talk to, when and how frequently, and about what, even if the details of the messages are protected. The metadata can be gathered at each and every step of the chain of servers that transmit the messages across the internet. This means that for journalists, for example, who wish to keep the identity of their sources confidential, or for government agents who wish to be discreet about their correspondence, by using they risk exposing themselves and their message recipients to unwanted attention from third parties. To protect the users identities and the rest of the communication network, it would be necessary to encrypt the message header with strong encryption. In this way, it is more difficult to establish who is talking to whom, and the source and recipient of the message can be protected. The primary problem to solve is the passing of a message when the identity of the recipient is unknown where do you send it? The secondary problem is to make sure the system is sufficiently fast for users. In this article, we describe a prototype system along these lines, and the limitations of the current method, which may be improved considerably in future work. 2
3 Alice is sending Bob something about of police corruption. But I cannot read it... To: Bob From: Alice Subject: More police corruption Figure 2: Illustration of with currently available encryption. An adversary can intercept the message but can only read the header, not the content. 2 Description of Method Our method, which we call warp2 uses GnuPG to encrypt the message and attachments like a regular encrypted . The plaintext of the message header contains to, from, date, subject fields like a regular message. In addition to the usual header data, warp2 headers also contain unique SHA2 identifiers for separate files making up the message body and an attachment. The arrangement of files is illustrated in figure 3 Traditional messaging systems have separate inboxes for each user. If that were the case for warp2, monitoring the access to an inbox could associate a user with that address, even though the message and headers are encrypted. The solution is to have one public inbox for all users on the server, containing all current message headers. Our prototype uses GPG to encrypt both the message contents and the headers. Each encrypted header file is around 1 kb in size. All users synchronise a copy of the entire header inbox on their device. The inbox is a very simple database of header files, in our case stored with filenames that are SHA2 hashes of the encrypted header file. In the prototype, a simple MYSQL and PHP implementation was used to demonstrate the server methodology. The encrypted message body and attachment files are stored in separate fields in the database, and these are not downloaded in full. That way, the amount of traffic is minimised to just the message headers. 2.1 Sending a The device of the sender creates two or three files: the header, the message body, and an attachment if necessary. The user encrypts the message body and attachment, and calculates a SHA2 hash of the encrypted body and attachment files. These are put into the message header file. A SHA2 hash of the message header plaintext is created to allow proof of receipt (see section 3.1 later). The header is then encrypted. All three files are uploaded to the remote inbox database, along with hash of the plaintext of the header. 2.2 Receiving a The user first synchronises the inbox by downloading all new encrypted message headers from the common inbox over an encrypted connection. Next, they filter the message headers to identify which messages are intended for them. Warp2 tries to decrypt every header, and flags any headers that fail decryption to be ignored in future. On the other hand, successful decryption reveals the plaintext header, containing the identifiers of the message body and attachment. The recipient then downloads the message body and attachment, and decrypts them. Finally, the recipient computes the SHA2 hash of the plaintext header, and notifies 3
4 Header To: Bob From: Alice Subject: More police corruption hash Attachment hash Attachment Figure 3: Arrangement of files for a warp2 message. the server of this plaintext. The server can then remove the message files associated with this plaintext hash, or flag them as sent. The message sending process has now completed. An adversary may be able to establish that one or more individuals are using a warp2 server, but they cannot easily identify the participants of a particular conversation just by examining the messages alone, as shown in figure 4. If the adversary polls the server to download the messages, they are free to do so, but they do not obtain anything more than a large number of separate encrypted files, unless the have other means of breaking the encryption. 3 Discussion 3.1 Speed Issues The warp2 headers in the prototype using GPG are 1 kb in size. Assuming 1000 users on the server, sending around 10 messages per day, the client software needs to decrypt less than 10 MB of header data per day, and the daily server bandwidth would be less than 10 GB assuming the users check their inbox once per day. Reducing the number of stored messages to the minimum necessary also helps to keep the server and network requirements down. One way is to notify the database to purge messages once they have been read by the recipient. This would also expose the system to vandals who could delete any message they wanted, unless proof of readership is obtained. The message database contains a hash of the header plaintext (not the plaintext itself). The idea is that when the recipient calculates their computed hash of the header plaintext, they send it to the database which deletes the row of a matching message, since the message transmission is complete Obvious Potential Attacks The method is only as reliable as the weak points in the chain, and warp2 is exposed to the same risks as the encryption technology, in the case of the prototype this is GPG. Instead of tracking the headers, it is possible for a third party to track the private keys that are needed to decrypt the message as a form of metadata, and construct a social network model around private key IDs rather than addresses. To defend against this, a double key exchange can be envisaged. The first key exchange is made by external means, e.g. , face to face meeting, just like regular encrypted . The second key exchange happens within warp2, where the participants send their new keys to each other in a single message, and delete their old key pairs. This creates two key pairs that are anonymous to a third party, and independent of the initial point of contact, unless the warp2 messages making the key 1 This feature is partially implemented in the prototype application, the server side is missing. 4
5 Alice and Bob are using warp2... Figure 4: An adversary may be able to identify users of a warp2 server by intercepting web traffic, but not glean information about the conversation. Warp2 is just a public server full of encrypted files... Header Header Header Figure 5: Scanning of the server reveals an open server full of encrypted files. 5
6 exchange are compromised by brute force or by duplication of keys. Re-exchanging keys this way can be done as frequently as required, even per message for the super-cautious. Analysis of the server traffic then may only allow identification of a fairly large group of IP addresses who are using the server. An attacker may be able to identify users from analysing the majority of the network traffic to the server, and simultaneously polling the server at regular intervals whilst monitoring target users. By linking the timing of new messages appearing with increased encrypted traffic of the target user, it may be possible to statistically associate an IP address with an identity for that message, and hence get the current key-id. Similarly, if a message is downloaded and marked as received using the plaintext tagging described earlier, the message disappears from the system, and this could be statistically associated with possible recipients. This attack is possible even if new keys are regularly exchanged. To mitigate these central points of attack, a full warp2 deployment ideally would have a distributed inbox database, and distributed storage with a suitable redundancy of messages and attachments to keep the memory footprint manageable. This was not possible during the timeframe of the project, but potentially a desirable feature for future use. 3.3 Vandalism The prototype server accepts uploads from anybody, at the time of writing. A malicious party who wishes to bring the server down could simply flood the server with messages to nonexistent users, which nonetheless appear valid to the simplistic server code. The inbox would grow indefinitely under this scenario. In future production-ready deployments, a method of avoiding vandalism is required. 3.4 Commercial Aspects At present, the strength of the method is in the fact that large numbers of people could use a warp2 server without identifying themselves. Requiring login credentials weakens the method, because it creates unique identifiers before access to the inbox is allowed. This also affects the commercialisation of the method, since paying customers would not want to be identified. Instead of a closed system with login credential handling, warp2 is envisaged more along the lines of a TOR network. Community-minded people would run warp2 servers that are open to the public. These would be somewhat self regulating, since an over-burdened server with slow access and large numbers of messages would encourage migration of users to servers with lower loads. Of course, a military deployment or commerical deployment within individual companies could run their own warp2 server very quickly, and restrict access by using ssh keys to limit logins to authorised client software only. In this scenario, it is perhaps not such an issue to identify yourself as an employee by accessing the company warp2 server, just as a regular system. This is the foreseen deployment for journalists and governments. 3.5 About the Prototype Application The prototype is written in C++ and Qt (Qt used under the LGPL). The source code for the prototype is published on github [3] under the FreeBSD license. The current status for platform support is as follows: the client code was developed on linux (fedora 20), and OS-X (mountain lion); the server code is extremely simple, running under apache and php5, and has been developed on OpenBSD and FreeBSD. 4 Conclusions We have described and demonstrated a simple method of sending messages with encrypted addressing and message headers, protecting communications against interception and hindering the construction of network models of participants. Weaknesses in the prototype implementation have been identified, and some mitigation strategies have been proposed for future work. 5 Acknowledgements We are indebted to B. Hjörvarsson and O. Kirstein for support in this project. 6
7 References [1] R. L. Rivest, A. Shamir, L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM 21 (1978) 120. [2] [3] 7
Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationCryptography & Digital Signatures
Cryptography & Digital Signatures CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration Prof. Sloan s Slides, 2007, 2008 Robert H.
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 02 Overview on Modern Cryptography
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationChapter 7: Network security
Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC
More informationKey Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.
CSC 490 Special Topics Computer and Network Security Key Management Dr. Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.edu Slide 09-1 Overview Key exchange Session vs. interchange
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationInformation Security
Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More informationSecure Email Frequently Asked Questions
Secure Email Frequently Asked Questions Frequently Asked Questions Contents General Secure Email Questions and Answers Forced TLS Questions and Answers SecureMail Questions and Answers Glossary Support
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
More informationEmail Management and Security Good Practice Guide. August 2009
Email Management and Security Good Practice Guide August 2009 contents 1 Introduction to Good Practice Guides 3 2 Email Management and Security Overview 3 2.1 Understanding Good and Better Practice 4 3
More informationLukasz Pater CMMS Administrator and Developer
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
More informationInstalling your Digital Certificate & Using on MS Out Look 2007.
Installing your Digital Certificate & Using on MS Out Look 2007. Note: This technical paper is only to guide you the steps to follow on how to configure and use digital signatures. Therefore Certificate
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationSY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.
system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped
More informationPacket Level Authentication Overview
Packet Level Authentication Overview Dmitrij Lagutin, Dmitrij.Lagutin@hiit.fi Helsinki Institute for Information Technology HIIT Aalto University School of Science and Technology Contents Introduction
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More information1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies
1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?
More informationController of Certification Authorities of Mauritius
Contents Pg. Introduction 2 Public key Infrastructure Basics 2 What is Public Key Infrastructure (PKI)? 2 What are Digital Signatures? 3 Salient features of the Electronic Transactions Act 2000 (as amended)
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationSecure Data Transfer
Secure Data Transfer INSTRUCTIONS 3 Options to SECURELY TRANSMIT DATA 1. FTP 2. WinZip 3. Password Protection Version 2.0 Page 1 Table of Contents Acronyms & Abbreviations...1 Option 1: File Transfer Protocol
More informationSPAM FILTER Service Data Sheet
Content 1 Spam detection problem 1.1 What is spam? 1.2 How is spam detected? 2 Infomail 3 EveryCloud Spam Filter features 3.1 Cloud architecture 3.2 Incoming email traffic protection 3.2.1 Mail traffic
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationUnderstanding and Integrating KODAK Picture Authentication Cameras
Understanding and Integrating KODAK Picture Authentication Cameras Introduction Anyone familiar with imaging software such as ADOBE PHOTOSHOP can appreciate how easy it is manipulate digital still images.
More informationSecure Electronic Report Submission
Secure Electronic Report Submission Marsibil Ingibjörg Hjaltalín M.Sc. Thesis No. 18 2005 Computer systems engineering Informatics and Mathematical Modelling Technical University of Denmark Technical University
More informationAssociate Prof. Dr. Victor Onomza Waziri
BIG DATA ANALYTICS AND DATA SECURITY IN THE CLOUD VIA FULLY HOMOMORPHIC ENCRYPTION Associate Prof. Dr. Victor Onomza Waziri Department of Cyber Security Science, School of ICT, Federal University of Technology,
More informationGuideline for E-mail Services
Guideline for E-mail Services Under the Policy on Information Technology, the Vice-President and Provost is authorized to establish guidelines for information technology services at the University of Toronto.
More informationSECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS
SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS Abstract: The Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential
More informationExam Papers Encryption Project PGP Universal Server Trial Progress Report
Exam Papers Encryption Project PGP Universal Server Trial Progress Report Introduction Using encryption for secure file storage and transfer presents a number of challenges. While the use of strong, well
More informationSecure Email Inside the Corporate Network: INDEX 1 INTRODUCTION 2. Encryption at the Internal Desktop 2 CURRENT TECHNIQUES FOR DESKTOP ENCRYPTION 3
A Tumbleweed Whitepaper Secure Email Inside the Corporate Network: Providing Encryption at the Internal Desktop INDEX INDEX 1 INTRODUCTION 2 Encryption at the Internal Desktop 2 CURRENT TECHNIQUES FOR
More informationAuthentication Application
Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and
More informationWhat is network security?
Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application
More informationAdjust Webmail Spam Settings
Adjust Webmail Spam Settings An unsolicited bulk email message is known as "spam." Spam, which usually contains some sort of commercial advertising or proposition, is sent to a large number of recipients
More informationWhy you need secure email
Why you need secure email WHITE PAPER CONTENTS 1. Executive summary 2. How email works 3. Security threats to your email communications 4. Symmetric and asymmetric encryption 5. Securing your email with
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationNetwork Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec
Network Security #10 Parts modified from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith Ross, Addison-Wesley, 2002. 1 Overview Encryption Authentication
More informationStrong Encryption for Public Key Management through SSL
Strong Encryption for Public Key Management through SSL CH.SUSHMA, D.NAVANEETHA 1,2 Assistant Professor, Information Technology, Bhoj Reddy Engineering College For Women, Hyderabad, India Abstract: Public-key
More informationEmail Data Protection. Administrator Guide
Email Data Protection Administrator Guide Email Data Protection Administrator Guide Documentation version: 1.0 Legal Notice Legal Notice Copyright 2015 Symantec Corporation. All rights reserved. Symantec,
More informationAn Introduction to Cryptography and Digital Signatures
An Introduction to Cryptography and Digital Signatures Author: Ian Curry March 2001 Version 2.0 Copyright 2001-2003 Entrust. All rights reserved. Cryptography The concept of securing messages through
More information7! Cryptographic Techniques! A Brief Introduction
7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures
More informationWHITE PAPER. Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting Email
WHITE PAPER Managed File Transfer: When Data Loss Prevention Is Not Enough Moving Beyond Stopping Leaks and Protecting Email EXECUTIVE SUMMARY Data Loss Prevention (DLP) monitoring products have greatly
More informationConsolidated Email Hygiene and Encryption Service E-Hub. Slide 1
Consolidated Email Hygiene and Encryption Service E-Hub Slide 1 Agenda E-Hub Service Overview E-Hub Benefits & Features E-Hub Rates and Implementation Microsoft FOPE Hygiene Overview Demo Microsoft FOPE
More informationGuidance Regarding Skype and Other P2P VoIP Solutions
Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,
More informationGetting the most from Apple Mail
Getting the most from Apple Mail Larry Kerschberg, Roy Wagner, Jonathan Bernstein and Friends February 28, 2015 1 Topics Mail on Macs and ios devices Configuring your accounts IMAP Folders VIP Contacts,
More informationGPG - GNU Privacy Guard
GPG - GNU Privacy Guard How to use Károly Erdei October 15, 2014 Károly Erdei GPG - GNU Privacy Guard 1/60 1 Why 2 Cryptography 3 PGP 4 KGPG-Assistant 5 -Key-Manager 6 -Editor 7 GPG4Win 8 Enigmail Károly
More information1 Attack Top Attackers Report, Top Targets Report, Top Protocol Used by Attack Report, Top Attacks Report, Top Internal Attackers Report, Top External Attackers Report, Top Internal Targets Report, Top
More informationSecure cloud access system using JAR ABSTRACT:
Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that
More informationF-Secure Internet Security 2014 Data Transfer Declaration
F-Secure Internet Security 2014 Data Transfer Declaration The product s impact on privacy and bandwidth usage F-Secure Corporation April 15 th 2014 Table of Contents Version history... 3 Abstract... 3
More informationMailwall Remote Features Tour Datasheet
Management Portal & Dashboard Mailwall Remote Features Tour Datasheet Feature Benefit Learn More Screenshot Cloud based portal Securely manage your web filtering policy wherever you are without need for
More informationHow To Protect Your Data From Being Hacked On Security Cloud
F-SECURE SECURITY CLOUD Purpose, function and benefits October 2015 CONTENTS F-Secure Security Cloud in brief 2 Security Cloud benefits 3 How does Security Cloud work? 4 Security Cloud metrics 4 Security
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationEncrypting Business Files in the Cloud
Quick Guide for IT-Security and Data Privacy Encrypting Business Files in the Cloud Requirements for data security in the cloud End to end encryption Secure file transfers Data Security in the Cloud A
More informationThat Point of Sale is a PoS
SESSION ID: HTA-W02 That Point of Sale is a PoS Charles Henderson Vice President Managed Security Testing Trustwave @angus_tx David Byrne Senior Security Associate Bishop Fox Agenda POS Architecture Breach
More informationSecuring your Online Data Transfer with SSL
Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4. What does
More informationEmail Policy For Staff and Students
Email Policy For Staff and Students Document Version Date Policy Owner Approval Email Policy V1.2 Dec 2011 ITS Reviewed - KPMG auditor V1.3 Feb 2012 Approved - elit committee March 2012 Approved Management
More informationSecurity. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key
Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder
More informationRSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
More informationWelcome to HomeTown Bank s Secure E-mail! User Guide
Welcome to HomeTown Bank s Secure E-mail! User Guide To access the secure email message center, click the Secure Email link on the www.htbmn.com main web page. Select whether you are a new user of the
More informationAn Encrypted File System
EncryptFS: An Encrypted File System By: Jorge Ornelas (joor2992) Ulziibayar Otgonbaatar (ulziibay) Otitochi Mbagwu (otitochi) 1 Abstract EncryptFS is an encrypted file system that stores files on an untrusted
More informationAn Introduction to Cryptography as Applied to the Smart Grid
An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric
More informationIntroduction to Encryption What it s all about
Introduction to Encryption What it s all about At MOA Project, we believe privacy and the ability to communicate without government or corporate eavesdropping is a basic right of all people. Some groups,
More informationExamining Proxies to Mitigate Pervasive Surveillance
Examining Proxies to Mitigate Pervasive Surveillance Eliot Lear Barbara Fraser Abstract The notion of pervasive surveillance assumes that it is possible for an attacker to have access to all links and
More informationA Guide to Mobile Security For Citizen Journalists
A Guide to Mobile Security For Citizen Journalists Your Citizen journalism, and with it the rise of alternative media voices, is one of the most exciting possibilities for mobile phones in activism. Mobile
More informationPHOENIX: SECURE FILE TRANSFER USING SSL
Phoenix: Secure File Transfer Using SSL 1 PHOENIX: SECURE FILE TRANSFER USING SSL ARJUN VENKATRAMAN arjun.dhanush@gmail.com Phoenix: Secure File Transfer Using SSL 2 1. INTRODUCTION TO SSL 1.1 SSL: The
More informationNetwork Security - ISA 656 Email Security
Network Security - ISA 656 Angelos Stavrou November 13, 2007 The Usual Questions The Usual Questions Assets What are we trying to protect? Against whom? 2 / 33 Assets The Usual Questions Assets Confidentiality
More informationLa Cañada Unified School District Personnel Use of Technology Regulations (AR 4163.4) Also known as the Staff Technology and Internet Use Policy
LCUSD Personnel Use of Technology Regulations (AR 4163.4) Updated 08/21/08 p. 1 of 5 La Cañada Unified School District Personnel Use of Technology Regulations (AR 4163.4) Also known as the Staff Technology
More informationMathematical Model Based Total Security System with Qualitative and Quantitative Data of Human
Int Jr of Mathematics Sciences & Applications Vol3, No1, January-June 2013 Copyright Mind Reader Publications ISSN No: 2230-9888 wwwjournalshubcom Mathematical Model Based Total Security System with Qualitative
More informationSecuring your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application INDEX 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4.
More informationNETWORK SECURITY. Farooq Ashraf. Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia
NETWORK SECURITY Farooq Ashraf Department of Computer Engineering King Fahd University of Petroleum and Minerals Dhahran 31261, Saudi Arabia O u t l i n e o f t h e P r e s e n t a t i o n What is Security
More informationBit Chat: A Peer-to-Peer Instant Messenger
Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationMy FreeScan Vulnerabilities Report
Page 1 of 6 My FreeScan Vulnerabilities Report Print Help For 66.40.6.179 on Feb 07, 008 Thank you for trying FreeScan. Below you'll find the complete results of your scan, including whether or not the
More informationChapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All
More informationHushmail Express Password Encryption in Hushmail. Brian Smith Hush Communications
Hushmail Express Password Encryption in Hushmail Brian Smith Hush Communications Introduction...2 Goals...2 Summary...2 Detailed Description...4 Message Composition...4 Message Delivery...4 Message Retrieval...5
More informationPGP Desktop Email Quick Start Guide version 9.6
What is PGP Desktop Email? PGP Desktop Email is part of the PGP Desktop family of products. You can use PGP Desktop Email to: Automatically and transparently encrypt, sign, decrypt, and verify email messages
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate
More informationDetailed Concept of Network Security
Detailed Concept of Network Security Er. Anup Lal Yadav M-Tech Student Er. Sahil Verma Asst. Prof. in C.S.E. Deptt. EMGOI, Badhauli. sahilkv4010@yahoo.co.in Er. Kavita Asst. Prof. in C.S.E. Deptt. EMGOI,
More informationSURE E-Mail Services Terms and Conditions SURE MAIL
SURE E-Mail Services Terms and Conditions SURE MAIL Sure offers an E-mail service that allows access to a mailbox provided by a 3 rd party partner ( Service ). The Service is accessed via the internet.
More informationMANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But
More informationCapture Resilient ElGamal Signature Protocols
Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department
More informationTELE 301 Network Management. Lecture 18: Network Security
TELE 301 Network Management Lecture 18: Network Security Haibo Zhang Computer Science, University of Otago TELE301 Lecture 18: Network Security 1 Security of Networks Security is something that is not
More informationCHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS
70 CHAPTER 4 DEPLOYMENT OF ESGC-PKC IN NON-COMMERCIAL E-COMMERCE APPLICATIONS 4.1 INTRODUCTION In this research work, a new enhanced SGC-PKC has been proposed for improving the electronic commerce and
More informationCiphire Mail. Abstract
Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the
More informationNetwork Security. HIT Shimrit Tzur-David
Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key
More informationHow do I share a file with a friend or trusted associate?
Sharing Information How do I share a file with a friend or trusted associate? Sharing a file in InformationSAFE is easy. The share utility in InformationSAFE allows you to securely share your information
More informationMANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both.
More informationKey Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards
White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the
More informationDRAFT Standard Statement Encryption
DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationThreat Modelling for Web Application Deployment. Ivan Ristic ivanr@webkreator.com (Thinking Stone)
Threat Modelling for Web Application Deployment Ivan Ristic ivanr@webkreator.com (Thinking Stone) Talk Overview 1. Introducing Threat Modelling 2. Real-world Example 3. Questions Who Am I? Developer /
More informationTELECOMMUNICATION NETWORKS
THE USE OF INFORMATION TECHNOLOGY STANDARDS TO SECURE TELECOMMUNICATION NETWORKS John Snare * Manager Telematic and Security Systems Section Telecom Australia Research Laboratories Victoria TELECOMMUNICATIONS
More information